Every day, new cybersecurity threats emerge that pose significant risks to public sector and government organisations. The use of ransomware is no longer the preserve of sophisticated, tech-savvy cyber-criminals or hackers, but is openly touted and sold, available to download on the dark web for as little as the price of a pint.
State actors and authoritarian geopolitical competitors emerge and re-emerge on the threat landscape, creating challenges for organisations and governments when it comes to protecting citizens’ privacy, public service delivery and critical national infrastructure.
The coronavirus pandemic has precipitated the beginning of a work-from-anywhere culture that exacerbates cybersecurity issues and places increasing demands on teams working to maintain cyber-safety and resilience. Meanwhile, the digital skills gap places huge strain on institutions looking to secure their networks and data.
To discuss the huge range of contemporary cyber challenges facing large organisations in an era of digital transformation, Chris Parker, MBE, Director for Government Strategy at Fortinet, talks about what’s at stake today, and how much has changed.
Spotlight: How did you develop your expertise in cyber security?
Chris Parker: I’ve been lucky enough to have had a really varied professional life. There’s my military background, involving big operations, then I went into construction as a chief operating officer, then I went into oil and gas exploration. But the common thread running all the way through my career has been the mitigation of that risk. I’m a risk mitigation expert. I’ve also led a number of businesses, with one of them in cyber, so I’ve been in that space for about seven years and have since joined Fortinet. This isn’t the usual route for a cybersecurity professional – which would probably involve doing computer programming at university and doing a masters afterwards – but it means I can see things from a slightly different perspective and, crucially, from a customers’ perspective, because I’ve worked in many roles across a range of sectors.
What are the biggest cyber threats to public sector and government institutions in the UK at the moment?
Firstly, the ransomware threat is getting worse because of automation. It’s getting much easier for both experienced and beginner threat actors to use and engage in cybercrime. If the cybercriminals are using automated technology, then we – the good guys – have got to step up with automated technology to keep them at bay.
There’s ‘push and shove’. It’s almost like a seesaw between what we’ve got coming at us on the one hand – complex cyber threats – and on the other hand, your resources, your kit, your money, your risk appetite, and crucially your people all helping counter-balance that seesaw.
If you’re a well-known bank or financial institution you’re probably putting significant resources into mitigating risk. But the public sector usually has fewer resources, money is obviously more scrutinized and there’s slightly less agility. So, there’s a compelling need to keep that seesaw balanced in their favour, and the way to do that is to make sure you’re using the very latest technology to add extra weight to the seesaw. Where you can’t employ 50 expensive analysts and get a load of new hardware all the time, you’ve got to use the very best automated technology to keep that balance tipped in your favour.
What kinds of technology can be put to use to mitigate these threats?
Because Fortinet is the number one cybersecurity company in the world, we have the largest collective memory in the industry which enables the best data for threat analysis in the world.
We look at dangers in real time, collecting huge amounts of data on the ever-evolving cyber landscape and cyber threat actors. Unfortunately, we’re seeing a significant increase in automated ransomware and the rise of so-called ‘ransomware as a service’, in which people are hiring tools and people on the dark web to help them to easily launch attacks.
The challenge is to offer solutions that can counter these threats. In an age of digital transformation and the rise of a work-from-anywhere culture the challenge is greater than it’s ever been.
How has digital acceleration affected the cybersecurity space?
An unexpected phenomenon that the pandemic triggered was the acceleration of digital initiatives. With a largely 100 per cent virtual workforce, organisations across the board embraced digital technologies as the way to combat the disruption caused. Unfortunately, the bad guys really upped their game in response to that and subsequently we saw a marked increase in cyber attacks. Regrettably, it is another new day, another threat vector in this world.
However, there’s a lot that we can do and a lot that we’ve already done. Much is about upskilling the workforce because it’s not just IT teams that need to be plugged into these threats but the whole organisation from top to bottom. Cyber security awareness training is an absolute must, along with implementing tools like two-factor authentication and ‘zero trust’ policies.
More broadly, on a less granular level, we’re lucky enough that the government is very much aware of the challenges facing organisations and the role that cybersecurity must play. Fortinet is fully on board with the UK government’s Cybersecurity Strategy, and we share our data with the Cyber Threat Alliance and our threat research eco-system. It’s all part of a one nation approach to threat mitigation. We’re not hoarding our knowledge and resources for ourselves – it’s extremely collaborative.
Fortinet’s primary objective is to make possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. That’s our purpose and we’re working in partnership with government and with others in the industry to counter the ongoing cyber threat.